On Mon, 21 Jul 2003, Prem wrote:

> Hi,
>
> Have deployed freeradius with PPPD+Radius Patch on linux box and LDAP on
> Microsoft ADS. Freeradius is configured for LDAP Auth and PPPD is
> configured for pointing auth to radius. Dialin user is getting
> authenticated fine..
>
> Microsoft ADS has a user attribute "msNPAllowDialin" for allow/deny
> dialin access. I want to deny access if the user has the
> "msNPAllowDialin" attribute set to "FALSE"
>
> Have setup radius.conf for following..
>
> access_attr = "msNPAllowDialin"
> access_attr_used_for_allow = yes
>
> But user still getting authenticated and allowed dialin access even if
> user LDAP attribute msNPAllowDialin is set to FALSE, i.e.
> "msNPAllowDialin: FALSE". I did try "access_attr_used_for_allow = no"
> with access_attr in radius.conf but still user having "msNPAllowDialin" is
> getting authenticated and allowed access.
>
> I can see the attribute with ldapsearch bind with admin or user from linux
> box.
>
> Any help is appreciated..and thanks in advance..

Run radiusd in debug mode and see what happens. You should see a line like:

rlm_ldap: checking if remote access for <user> is allowed by msNPAllowDialin

>
> regards
> Premal
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf
